COSTECH Integrated Repository

Detection of Username Enumeration Attack on SSH Protocol: Machine Learning Approach

dc.creator Agghey, Abel
dc.creator Mwinuka, Lunodzo
dc.creator andhare, Sanket
dc.creator Dida, Mussa
dc.creator Ndibwile, Jema
dc.date 2021-12-01T05:35:34Z
dc.date 2021-11-17
dc.date.accessioned 2022-10-25T09:15:55Z
dc.date.available 2022-10-25T09:15:55Z
dc.identifier https://doi.org/10.3390/sym13112192
dc.identifier https://dspace.nm-aist.ac.tz/handle/20.500.12479/1399
dc.identifier.uri http://hdl.handle.net/123456789/94693
dc.description This research article published by MDPI, 2021
dc.description Over the last two decades (2000–2020), the Internet has rapidly evolved, resulting in symmetrical and asymmetrical Internet consumption patterns and billions of users worldwide. With the immense rise of the Internet, attacks and malicious behaviors pose a huge threat to our computing environment. Brute-force attack is among the most prominent and commonly used attacks, carried out using password-attack tools, a wordlist dictionary, and a usernames list—obtained through a so-called enumeration attack. In this paper, we investigate username enumeration attack detection on the SSH protocol by using machine-learning classifiers. We apply four asymmetrical classifiers on our generated dataset collected from a closed-environment network to build machine-learning-based models for attack detection. The use of several machine learners offers a wider investigation spectrum of the classifiers’ ability in attack detection. Additionally, we investigate how beneficial it is to include or exclude network port information as a feature set in the process of learning. We evaluated and compared the performances of machine-learning models for both cases. The models used are k-nearest neighbor (K-NN), naïve Bayes (NB), random forest (RF) and decision tree (DT) with and without port information. Our results show that machine-learning approaches to detect SSH username enumeration attacks were quite successful, with KNN having an accuracy of 99.93%, NB 95.70%, RF 99.92%, and DT 99.88%. Furthermore, the results improve when using port information.
dc.format application/pdf
dc.language en
dc.publisher MDPI
dc.subject Username enumeration
dc.subject Enumeration attack
dc.subject Password enumeration
dc.subject Brute-force attack
dc.subject Machine-learning
dc.title Detection of Username Enumeration Attack on SSH Protocol: Machine Learning Approach
dc.type Article


Files in this item

Files Size Format
JA_CoCSE_2021.pdf 1.372Mb application/pdf
